'use strict'

/**
 * Authorization gate placed in front of what appears to be the
 * administrator-account resource (the 403 messages talk about creating and
 * deleting administrators).
 *
 * Rules enforced, in order:
 *   1. POST is allowed only when the caller's level equals the `super` role level.
 *   2. The path id `self` is rewritten to the caller's own id.
 *   3. A caller may never DELETE their own record.
 *   4. Any request aimed at another id requires the `super` role level.
 *
 * NOTE(review): every rule dereferences `c.box.user`; this assumes an earlier
 * middleware has authenticated the request and populated it. Confirm this
 * guard can never be mounted ahead of authentication.
 *
 * NOTE(review): ids are compared with strict equality. `c.param.id`
 * presumably comes from the URL as a string; if `c.box.user.id` is stored as
 * a number, an explicit own-id path would not count as "self", and the
 * self-delete rule would then only trigger through the `self` alias. Confirm
 * both sides have the same type.
 *
 * NOTE(review): a non-super caller reaches the downstream handler for every
 * non-DELETE method on their own record. Which fields they may change there
 * (for example their own level) must be restricted by that handler; it is
 * not checked here.
 *
 * @param {object} c - request context; reads `method`, `param.id`,
 *   `box.user.{id,level}` and `service.admin.roleLevel.super`, and may
 *   overwrite `param.id`.
 * @param {Function} next - continues to the next middleware or handler.
 * @returns {Promise<*>} the result of `c.status(403).send(...)` on denial,
 *   the result of `next()` on an allowed POST, otherwise undefined.
 */
module.exports = async (c, next) => {
  // Evaluated lazily: the role table is only read on the branches that need it.
  const callerIsSuper = () => c.box.user.level === c.service.admin.roleLevel.super
  const forbid = (message) => c.status(403).send(message)

  // Creating an administrator is reserved for the super role.
  // (message: "non-super users cannot create administrators")
  if (c.method === 'POST') {
    return callerIsSuper() ? await next() : forbid('非super用户，不能创建管理员')
  }

  // Resolve the `self` alias so the checks below and downstream code see a concrete id.
  if (c.param.id === 'self') {
    c.param.id = c.box.user.id
  }

  const targetsSelf = c.box.user.id === c.param.id

  // Self-deletion is refused for every level, super included.
  // (message: "users cannot delete themselves")
  if (targetsSelf && c.method === 'DELETE') {
    return forbid('用户不能删除自己')
  }

  // Another account's record is reachable by the super role only.
  // (message: "no permission to perform this operation")
  if (!targetsSelf && !callerIsSuper()) {
    return forbid('没有权限执行此操作')
  }

  await next()
}